
Re: breaking TLS (Was: Re: multiplexing -- don't do it)

From: Willy Tarreau <w@1wt.eu>
Date: Fri, 6 Apr 2012 23:14:24 +0200
To: Poul-Henning Kamp <phk@phk.freebsd.dk>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Roberto Peon <grmocg@gmail.com>, Nicolas Mailhot <nicolas.mailhot@laposte.net>, ietf-http-wg@w3.org
Message-ID: <20120406211424.GB4336@1wt.eu>

On Fri, Apr 06, 2012 at 08:48:54PM +0000, Poul-Henning Kamp wrote:
> In message <4F7F53B7.20103@cs.tcd.ie>, Stephen Farrell writes:
> 
> >On 04/06/2012 09:29 PM, Roberto Peon wrote:
> >> doesn't breach the user's
> >> trust without the user's knowledge.
> >
> >Ideas for how to do that welcome;-)
> 
> If we amend the proxy protocol as several have proposed, the endpoint
> of trust for the user will be the proxy.
> 
> What happens after that point is entirely opaque to the user, and
> it will have to be left to the user to decide if the proxy is
> trustworthy.

In my opinion we should let the user decide between GET https:// and
CONNECT. That solves all issues because admins can let just a short
whitelist run on CONNECT, with the rest being analyzed.

Willy
Received on Friday, 6 April 2012 21:14:54 GMT
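
The policy proposed in the message above, sketched as a proxy-side request classifier. This is an added example, not code from the thread or from any proxy implementation; the whitelist entries, the decision names, and the choice to refuse non-whitelisted CONNECT requests are assumptions.

```python
from urllib.parse import urlsplit

# Constructed sample whitelist; hostnames are placeholders, not from the thread.
CONNECT_WHITELIST = {("bank.example", 443), ("payroll.example", 443)}

def _norm_host(host):
    """Lowercase and drop a trailing dot so 'Bank.Example.' matches 'bank.example'."""
    return host.rstrip(".").lower()

def classify(request_line):
    """Return (decision, host, port) for one proxy request line.

    TUNNEL  - CONNECT to a whitelisted host:port, relayed opaquely end to end
    INSPECT - absolute-form https:// target, the proxy is the TLS endpoint
    REJECT  - malformed, or CONNECT outside the whitelist (assumed policy)
    OTHER   - not an HTTPS request, outside the scope of this policy
    """
    parts = request_line.split()
    if len(parts) != 3 or not parts[2].startswith("HTTP/"):
        return ("REJECT", None, None)
    method, target, _ = parts
    if method == "CONNECT":
        # authority-form: host:port, the port is mandatory
        host, sep, port = target.rpartition(":")
        if not sep or not host or not (port.isascii() and port.isdigit()):
            return ("REJECT", None, None)
        key = (_norm_host(host), int(port))
        # Match on host AND port so the whitelist cannot be used to tunnel
        # to arbitrary services on a trusted host.
        return ("TUNNEL" if key in CONNECT_WHITELIST else "REJECT",) + key
    try:
        url = urlsplit(target)
        port = url.port or 443
    except ValueError:  # bad port or malformed IPv6 literal
        return ("REJECT", None, None)
    if url.scheme == "https" and url.hostname:
        # The user chose to hand the proxy the full URL, so it can be analyzed.
        return ("INSPECT", _norm_host(url.hostname), port)
    return ("OTHER", None, None)
```

A whitelisted host requested with `GET https://` is still inspected: the request form, chosen by the user, selects the trust model, and the whitelist only limits which opaque tunnels the admin allows.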
